Add GreyNoise Psychic data feed IP enrichment

[phillip-stephens]

This PR adds annotation support for GreyNoise's data feed through their Psychic data download.

Example:

echo "14.1.105.157" | zannotate --greynoise --greynoise-database=/tmp/m3.mmdb  

Example Output:

{"greynoise":{"classification":"malicious","cves":["CVE-2015-2051","CVE-2016-20016","CVE-2018-10561","CVE-2018-10562","CVE-2016-6277","CVE-2024-12847"],"date":"2026-04-07","handshake_complete":true,"last_seen":"2026-04-07T00:00:00Z","seen":true,"tags":["Mirai TCP Scanner","Mirai","Telnet Protocol","Generic IoT Default Password Attempt","Web Crawler","Generic Suspicious Linux Command in Request","HNAP Crawler","Telnet Login Attempt","D-Link Devices HNAP SOAPAction Header RCE Attempt","MVPower CCTV DVR RCE CVE-2016-20016 Attempt","JAWS Webserver RCE","GPON CVE-2018-10561 Router Worm","Generic ${IFS} Use in RCE Attempt","CCTV-DVR RCE","NETGEAR Command Injection CVE-2016-6277","NETGEAR DGN setup.cgi CVE-2024-12847 Command Execution Attempt","CGI Script Scanner"],"actor":"unknown"},"ip":"14.1.105.157"}

Reviewer Note:

While in addition to .mmdb, GreyNoise offers their data download in a binary file format called Psychic, a custom bitmask data structure that offers file sizes approx. 1/3rd that of .mmdb files. (Described here)

However, at the time of PR opening they had not completed their Go library wrappers for interacting with this file format (as they state in their README here). For a single day of GreyNoise's data feed the .mmdb file is only 16MB, so I don't see this as a blocker.

Associated Issues

Closes #63